*Question: Can @grpc/grpc-js Support TLS Certificate Validation Using Only a Certificate Hash?*

*Context*

In the current implementation of @grpc/grpc-js, creating a secure gRPC 
channel requires providing the full server certificate to 
credentials.createSsl(). However, in dynamic environments (e.g., 
distributed networks with a frequently updated address book), it is common 
to only have access to the hash of the server certificate (e.g., SHA-256). 
Validating the server during the TLS handshake using just the hash is not 
currently supported in the library, which creates challenges for such use 
cases.

*Questions*

   1. Is it currently possible to use only a certificate hash to validate a 
   server during the TLS handshake in @grpc/grpc-js?
   2. If not, are there any recommended workarounds for validating a server 
   certificate against a known hash using the existing library features?

*Why This Matters*

Environments with dynamic address books or self-signed certificates often 
only have access to certificate hashes as a trusted source of verification. 
Supporting hash-based validation would:

   - Simplify integration for users in these scenarios.
   - Align with the flexibility of the TLS protocol, which supports 
   certificate signature validation.

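The hash comparison the post asks about, written as an added example; it is not code from the post or from @grpc/grpc-js. It has the `(hostname, cert)` callback shape of Node's `tls` `checkServerIdentity` option. The `pinsByHost` address book, the error codes, the host name and the sample bytes are assumptions constructed for illustration.

```javascript
const { createHash, timingSafeEqual } = require('node:crypto');

// Parse a pinned SHA-256 digest given as hex, with or without colons
// (the colon form is what Node reports in cert.fingerprint256).
function parsePin(pinHex) {
  const hex = String(pinHex).replace(/:/g, '').toLowerCase();
  if (!/^[0-9a-f]{64}$/.test(hex)) {
    throw new TypeError('pin must be a 32-byte SHA-256 digest in hex');
  }
  return Buffer.from(hex, 'hex');
}

// Hypothetical error codes, used only by this example.
function pinError(message, code) {
  return Object.assign(new Error(message), { code });
}

// Build a callback returning Error on rejection and undefined on success.
// pinsByHost is a hypothetical address book: hostname -> SHA-256 of the
// server certificate's DER encoding.
function makePinnedIdentityCheck(pinsByHost) {
  const pins = new Map(
    Object.entries(pinsByHost).map(([host, pin]) => [host, parsePin(pin)])
  );
  return function checkServerIdentity(hostname, cert) {
    const expected = pins.get(hostname);
    if (!expected) {
      // Fail closed: a host without a pin is never accepted.
      return pinError(`no pinned hash for ${hostname}`, 'ERR_PIN_UNKNOWN_HOST');
    }
    if (!cert || !Buffer.isBuffer(cert.raw)) {
      return pinError('peer presented no certificate', 'ERR_PIN_NO_CERT');
    }
    // Hash the DER bytes directly instead of comparing formatted strings.
    const actual = createHash('sha256').update(cert.raw).digest();
    if (!timingSafeEqual(actual, expected)) {
      return pinError(`certificate hash mismatch for ${hostname}`, 'ERR_PIN_MISMATCH');
    }
    return undefined; // identity accepted
  };
}

// Constructed sample: placeholder bytes standing in for a DER certificate.
const sampleCert = { raw: Buffer.from('constructed stand-in for DER certificate bytes') };
const samplePin = createHash('sha256').update(sampleCert.raw).digest('hex');
const check = makePinnedIdentityCheck({ 'node1.example.test': samplePin });
```

Node invokes `checkServerIdentity` only after certificate chain verification has succeeded, so a self-signed certificate still has to be trusted by other means before this check runs.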